
Author Topic: cpg1.5.18 Security release - upgrade mandatory!  (Read 47134 times)


Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15764
cpg1.5.18 Security release - upgrade mandatory!
« on: January 10, 2012, 11:38:48 am »

The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.16 or older update to this latest version as soon as possible.

How to update:
Users running versions prior to 1.5.18 should update immediately by downloading the latest version from the download page and following the upgrade steps in the documentation.

Support:
If you have problems with this update, please use the Update support board. Do not post your issues to this announcement thread - your post will be deleted without notice.

Why was cpg1.5.18 released?
The release covers a path disclosure vulnerability. If unpatched, it's possible to generate an error that will reveal the full path of the script. A remote user can determine the full path to the web root directory and other potentially sensitive information.

Additionally, cpg1.5.18 includes fixes for the following non-security related issues:
  • Added plugin hook 'upload_file_name'
  • Add default values on 'onlinestats' installation to avoid weird dates right after plugin installation (thread)
  • Updated Arabic language file (user contribution)
  • Fixed simple upload process when users can just upload to their personal gallery (thread)
  • Added upload button after each album name in album manager
  • Added anchors on plugin manager
  • Fixed infinite loop for delayed cookie issue workaround (thread)
  • Disallow dots in cookie name (thread)
  • Fixed issue with very big 'Max size for uploaded files' values (thread)
  • Fixed album thumbnails for public albums in 'My gallery' view for regular users
  • Fixed clickable keywords with spaces (thread)
  • Fixed critical error for 'lasthits' meta album (thread)
  • Fixed misleading error message when uploading files that exceed the file size limit with the simple upload form (thread)
  • Added hidden feature "Create sub-directory named according to the album ID in users' upload directories during HTTP upload"
  • Use selected album thumbnail for 'lastup' meta album (thread)
  • Create user album in personal gallery when user is created via the user manager (thread)
  • Added captcha for ecards feature (thread)
  • Fixed a potential path disclosure vulnerability in core plugin configuration files
  • Updated date/time formats in English (British) language file (thread)
  • Updated header information to reflect new year

The Coppermine Team
« Last Edit: January 10, 2012, 11:54:53 am by Αndré »
Logged
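
One way to confirm after upgrading that a gallery's responses no longer expose the script path, as an added example that is not part of the original post or of Coppermine's code: it scans saved HTTP response bodies for PHP error messages that contain an absolute filesystem path. The sample bodies, paths and labels are constructed for illustration.

```python
import re

# PHP's displayed error format is "<Level>: <message> in <file> on line <n>".
# With html_errors enabled, level, file and line number are wrapped in <b> tags.
PHP_ERROR = re.compile(
    r"(?:<b>)?(?P<level>Fatal error|Parse error|Warning|Notice|Deprecated)(?:</b>)?"
    r":\s+(?P<message>.*?)\s+in\s+(?:<b>)?"
    r"(?P<path>(?:/|[A-Za-z]:[\\/])[^<>\r\n]*?\.(?:php|inc))(?:</b>)?"
    r"\s+on line\s+(?:<b>)?(?P<line>\d+)",
    re.IGNORECASE,
)

def find_path_disclosures(body):
    """Return one finding per PHP error in `body` that exposes an absolute path."""
    return [
        {"level": m.group("level"), "path": m.group("path"), "line": int(m.group("line"))}
        for m in PHP_ERROR.finditer(body)
    ]

def audit(responses):
    """Map each response label to its findings, keeping only responses that leak."""
    report = {}
    for label, body in responses.items():
        findings = find_path_disclosures(body)
        if findings:
            report[label] = findings
    return report

# Constructed sample bodies (not captured from a real gallery).
SAMPLES = {
    "html_errors on": (
        "<br />\n<b>Warning</b>:  include(x.php): failed to open stream: "
        "No such file or directory in "
        "<b>/var/www/html/gallery/plugins/sample/configuration.php</b> "
        "on line <b>18</b><br />\n"
    ),
    "plain text, Windows host": (
        r"Fatal error: Call to undefined function foo() in "
        r"C:\xampp\htdocs\cpg\plugins\sample\configuration.php on line 12"
    ),
    # Contains the word "Warning:" but no filesystem path, so it must not match.
    "clean page": "<p>Warning: do not post issues in this thread.</p>",
}

if __name__ == "__main__":
    for label, findings in audit(SAMPLES).items():
        for f in findings:
            print(f"{label}: {f['level']} leaks {f['path']} (line {f['line']})")
```

A clean report here only shows that the saved responses carry no PHP error text; disabling `display_errors` on production hosts keeps any remaining errors out of responses altogether.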

pols1337

  • Coppermine frequent poster
  • ***
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 244
Re: cpg1.5.18 Security release - upgrade mandatory!
« Reply #1 on: January 12, 2012, 09:47:39 pm »

Nice work on the upgrade
Logged

oleredeye

  • Coppermine newbie
  • Offline Offline
  • Posts: 3
Re: cpg1.5.18 Security release - upgrade mandatory!
« Reply #2 on: January 14, 2012, 03:51:19 pm »

Smooth upgrade to Coppermine 1.5.18 - just followed the documentation:  no problems!

Many thanks from The Helmsley Archive http://www.helmsleyarchive.org.uk/
Logged

François Keller

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: fr
  • Offline Offline
  • Gender: Male
  • Posts: 9094
  • aka Frantz
    • My gallery
Logged
Did you read the DOC ? the FAQ ? and search the board before posting ?
My blog

bilder

  • Coppermine newbie
  • Offline Offline
  • Posts: 3
Re: cpg1.5.18 Security release - upgrade mandatory!
« Reply #4 on: January 16, 2012, 12:22:48 pm »

Nice work on the upgrade, I am looking forward to trying it out.
Logged

Mikaelft

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 30
Re: cpg1.5.18 Security release - upgrade mandatory!
« Reply #5 on: March 02, 2012, 04:14:37 pm »

Thanks, updating now. Are there any language changes?
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15764
Re: cpg1.5.18 Security release - upgrade mandatory!
« Reply #6 on: March 02, 2012, 04:28:07 pm »

Have a look at the changelog.


Locking.
Logged